NDSS 2014 – Posters

Securing Execution in Many-core Architectures

Ramya Jayaram Masti, Devendra Rai, Claudio Marforio, Srdjan Capkun

We explore how many-core platforms can be used to enhance the security of future systems and to support important security properties such as runtime isolation using a small Trusted Computing Base (TCB). We focus on the Intel Single-chip Cloud Computer (SCC) to show that such properties can be implemented in current systems. We design a system called SEMA which offers strong security properties while maintaining the high performance and flexibility enabled by a small, centralized TCB. We further implement and evaluate the feasibility of our design. In particular, our prototype consists of a bare-metal TCB that executes applications in isolation and accommodates dynamic resource requests from them.

We show that, with minor modifications, many-core architectures can offer unique security properties not supported by existing single- and multi-core architectures, such as application context-awareness. Context-awareness, a new security property that we define and explore in this work, allows each application to discover, without any interaction with the TCB, which other parts of the system are allowed to interact with it and access its resources. We further evaluate how an application can defend itself against a compromised, malicious TCB, an unlikely but not impossible event.

CryptoCall: Simple End-to-End Cryptography for Voice Calls on Android

Sergej Dechand, Dominik Schürmann, Jürgen Koslowski, Matthew Smith

Today’s state-of-the-art mobile phone infrastructures like GSM or UMTS do not support end-to-end security. GSM wiretapping can now be performed with cheap off-the-shelf hardware and little effort. While there are several VoIP solutions that offer encryption, they are often black-box solutions, require centrally managed user accounts, or require users to compare cryptographic hashes, each bringing its own disadvantages. We present an open source, peer-to-peer VoIP encryption solution for Android which requires neither central user enrolment nor that users compare cryptographic hashes. The service offers end-to-end security based on OpenPGP, using the user’s phone number as the identifier. Since there is no central management server, the SIP calls are set up using text messages and protected with TLS and SRTP. To make key management more usable we implement several exchange mechanisms, including NFC, QR codes and a trust-on-first-use key exchange, which can optionally be augmented by a Certificate Transparency infrastructure.
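The trust-on-first-use (TOFU) key exchange described above pins the first public key seen for a phone number and raises a warning when a later call presents a different key; out-of-band checks (NFC, QR code) can then upgrade the pin to a verified one. The following is an added illustration of that logic, not code from CryptoCall: the key store, the `PhoneKeyStore` class, the trust levels, and the SHA-256 fingerprinting of raw key bytes (a stand-in for an OpenPGP fingerprint) are all assumptions made for this example, and the keys in the usage section are constructed.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Trust levels, weakest to strongest (names chosen for this example).
TOFU = "tofu"          # pinned on first contact, never checked out of band
VERIFIED = "verified"  # fingerprint confirmed via NFC / QR code / transparency log


@dataclass
class KeyRecord:
    fingerprint: str
    trust: str = TOFU
    history: List[str] = field(default_factory=list)  # earlier pins for this number


def fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 of the raw key bytes; stands in for an OpenPGP fingerprint here."""
    return hashlib.sha256(public_key).hexdigest()


class PhoneKeyStore:
    """Pins one public key per phone number under trust-on-first-use."""

    def __init__(self) -> None:
        self._records: Dict[str, KeyRecord] = {}

    def observe(self, phone: str, public_key: bytes) -> str:
        """Run on every call setup. Returns:
        'new'      first key ever seen for this number; it is pinned (TOFU)
        'match'    key equals the pinned one; the call may proceed
        'mismatch' key differs from the pin; the user must be warned
        """
        fp = fingerprint(public_key)
        rec = self._records.get(phone)
        if rec is None:
            self._records[phone] = KeyRecord(fp)
            return "new"
        if rec.fingerprint == fp:
            return "match"
        return "mismatch"

    def verify(self, phone: str, public_key: bytes) -> bool:
        """Upgrade the pin to VERIFIED after an out-of-band comparison.
        Refuses if the key shown out of band is not the pinned key."""
        rec = self._records.get(phone)
        if rec is None or rec.fingerprint != fingerprint(public_key):
            return False
        rec.trust = VERIFIED
        return True

    def accept_key_change(self, phone: str, public_key: bytes) -> None:
        """Explicit user decision after a 'mismatch' (e.g. the contact reinstalled).
        The old pin is kept in history and trust drops back to TOFU."""
        rec = self._records[phone]
        rec.history.append(rec.fingerprint)
        rec.fingerprint = fingerprint(public_key)
        rec.trust = TOFU

    def trust(self, phone: str) -> Optional[str]:
        rec = self._records.get(phone)
        return rec.trust if rec else None

    def key_changes(self, phone: str) -> int:
        """How many times this number's key has been replaced (0 = never)."""
        rec = self._records.get(phone)
        return len(rec.history) if rec else 0


if __name__ == "__main__":
    # Constructed keys; real keys would be OpenPGP public key packets.
    store = PhoneKeyStore()
    alice_key, rogue_key = b"alice-pubkey-v1", b"attacker-pubkey"
    print(store.observe("+15551234567", alice_key))   # new
    print(store.verify("+15551234567", alice_key))    # True (scanned her QR code)
    print(store.observe("+15551234567", rogue_key))   # mismatch -> warn the user
```

A `mismatch` on a VERIFIED pin deserves a stronger warning than one on a TOFU pin, since the user has already confirmed the original key in person; the distinction is exactly what the `trust` field is for.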

The advent of wearable camera devices (like Google Glass, Narrative Clip, Autographer, and Samsung’s Galaxy Gear Smartwatch) has raised important concerns about privacy. Because these devices can capture images at a high frame rate and without user interaction, we need automated techniques for detecting and flagging private information. Prior work such as ‘PlaceAvoider’ has considered identifying potentially sensitive images based on ‘where’ the photos were taken, screening out images from locations like bedrooms and bathrooms. While this approach works well in some situations, it does not examine ‘what’ objects in the image may signal privacy violations. In this work we present ObjectAvoider, which uses computer vision algorithms to detect images with objects that are often sources of sensitive information, like computer screens and paper documents. Our preliminary experiments demonstrate that ObjectAvoider is capable of detecting most images containing such objects.

Balancing between Power Efficiency and High Performance on Software-based Intrusion Detection System

Recent research on intrusion detection systems (IDSes) has mainly focused on improving the traffic analysis rate to meet increasing bandwidth requirements [4], [5]. This has prompted the rise of hybrid CPU/GPU designs as well as FPGA/ASIC-based IDS systems that scale to ingress rates of tens of Gbps [2], [3], [6]. One noticeable concern with these systems, however, is that they typically become power hogs, consuming several hundred (up to a thousand) watts. In recent years, low-powered programmable many-core processors (MCPs) have substantially reduced power usage despite offering tens of cores. Although IDSes running on MCP hardware show promising results, they fail to scale at ingress rates of 10+ Gbps due to (i) high memory access contention and (ii) increased branch mispredictions.

In this work, we seek the right balance between power efficiency and high performance for a signature-based IDS on a Tilera board [1]. In normal situations, our system analyzes the entire ingress traffic in a power-efficient way, using the co-processor alone. When the system is under stress (opportunistic offloading mode), however, the IDS starts delegating subtasks to the host system. We have devised the offloading mode in two flavors. (i) In the flow-centric offloading mode, only packets from new connections bypass the MCP and are forwarded directly to the host system for comprehensive analysis. (ii) In the functional offloading mode, the entire ingress traffic is first processed by the MCP, and only suspect flows (those that pass the first-stage multi-pattern string matching phase) are subsequently offloaded to the host system for further analysis. We compare the effectiveness of these approaches and aim to achieve a multi-10 Gbps analysis rate while consuming only a few tens to hundreds of watts.
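The two offloading flavors differ in what the MCP sees and in what state the dispatcher has to keep: flow-centric routing needs to remember which connections were handed to the host, while functional offloading needs to remember which flows have already become suspect. The following added example (not code from the poster's Tilera system) is a minimal dispatcher model that makes that difference concrete. The `Packet` record, the mode names, the `Dispatcher` class, the signature list and the packet trace are all constructed for this illustration; first-stage matching is a plain substring search standing in for a real multi-pattern matcher.

```python
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

Flow = Tuple[str, int, str, int, str]  # (src_ip, src_port, dst_ip, dst_port, proto)


@dataclass(frozen=True)
class Packet:
    flow: Flow
    syn: bool       # True for the first packet of a new TCP connection
    payload: bytes


# Constructed first-stage patterns; a real system would load an IDS ruleset.
SIGNATURES: Sequence[bytes] = (b"/bin/sh", b"cmd.exe", b"UNION SELECT")


def first_stage_match(payload: bytes, sigs: Sequence[bytes] = SIGNATURES) -> bool:
    """Cheap multi-pattern check the MCP runs on every packet."""
    return any(s in payload for s in sigs)


class Dispatcher:
    """Routes packets between the MCP co-processor and the host system.

    mode = "normal":     everything is analyzed on the MCP
    mode = "flow":       new connections (and their later packets) go to the host
    mode = "functional": MCP sees everything; flows that trip a signature are
                         additionally sent to the host from that packet onward
    """

    def __init__(self, mode: str) -> None:
        if mode not in ("normal", "flow", "functional"):
            raise ValueError(f"unknown mode {mode!r}")
        self.mode = mode
        self.host_flows: set = set()      # flow-centric: connections owned by host
        self.suspect_flows: set = set()   # functional: flows escalated to host
        self.counts: Dict[str, int] = {"mcp": 0, "host": 0}

    def route(self, pkt: Packet) -> str:
        if self.mode == "normal":
            self.counts["mcp"] += 1
            return "mcp"

        if self.mode == "flow":
            if pkt.syn:
                self.host_flows.add(pkt.flow)
            if pkt.flow in self.host_flows:
                self.counts["host"] += 1
                return "host"
            self.counts["mcp"] += 1
            return "mcp"

        # functional: the MCP always does the first stage
        self.counts["mcp"] += 1
        if pkt.flow in self.suspect_flows or first_stage_match(pkt.payload):
            self.suspect_flows.add(pkt.flow)   # stays suspect for the rest of the flow
            self.counts["host"] += 1
            return "mcp+host"
        return "mcp"


def run_trace(mode: str, packets: List[Packet]) -> Dict[str, int]:
    """Replay a trace through one mode and return per-engine packet counts."""
    d = Dispatcher(mode)
    for p in packets:
        d.route(p)
    return dict(d.counts)


# Constructed trace: A = established benign flow, B = new benign connection,
# C = established flow whose 4th packet carries a signature hit.
A: Flow = ("10.0.0.1", 40001, "10.0.0.9", 80, "tcp")
B: Flow = ("10.0.0.2", 40002, "10.0.0.9", 80, "tcp")
C: Flow = ("10.0.0.3", 40003, "10.0.0.9", 22, "tcp")
TRACE = [
    Packet(A, False, b"GET / HTTP/1.1"),
    Packet(B, True, b""),
    Packet(B, False, b"GET /index.html HTTP/1.1"),
    Packet(C, False, b"x; /bin/sh -c id"),
    Packet(C, False, b"continuation of the same flow"),
    Packet(A, False, b"GET /favicon.ico HTTP/1.1"),
]

if __name__ == "__main__":
    for mode in ("normal", "flow", "functional"):
        print(mode, run_trace(mode, TRACE))
```

On this trace the flow-centric mode sends both packets of the new connection B to the host, while the functional mode keeps all six packets on the MCP and escalates only the two packets of flow C, from the matching packet onward. Which mode saves more host CPU depends on the traffic mix: flow-centric offloading grows with connection rate, functional offloading with the signature hit rate.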

SafeSlinger: Easy-to-Use and Secure Public-Key Exchange

Users regularly experience a crisis of confidence on the Internet. Is that email or instant message truly originating from the claimed individual? Such doubts are commonly resolved through a leap of faith, expressing the desperation of users. To establish a secure basis for online communication, we propose SafeSlinger, a system leveraging the proliferation of smartphones to enable people to securely and privately exchange their public keys. Through the exchanged authentic public key, SafeSlinger establishes a secure channel offering secrecy and authenticity, which we use to support secure messaging and file exchange. SafeSlinger also provides an API for importing applications’ public keys into a user’s contact information. By slinging entire contact entries to others, we propose secure introductions, as the contact entry includes the SafeSlinger public keys as well as other public keys that were imported.

The Case for Provenance as a First Class Citizen in the Linux Kernel

Adam Bates and Kevin R. B. Butler

Provenance is a well-known concept in the art world, but is relatively new to computer science. The idea is that a system can gather and report metadata that describes the history of each object being processed. This allows system users to track, and understand, how a piece of data came to exist in its current state on the system. Unfortunately, the automated provenance proposals that exist today operate under very different models and assumptions, leading to poor security practices, redundant efforts, slower development, and a lack of independent evaluation. These issues point to a pressing need for a dedicated platform for provenance development. We present the design of the first generalized framework for the development of automated, whole-system provenance collection on the Linux operating system. Our provenance framework was designed with consideration for the myriad proposals for provenance-aware systems that can be found in the literature.

Implicit Authentication using Sensor Data

Hilmi Gunes Kayacik, Mike Just, Lynne Baillie, David Aspinall

Our work focuses on implicit authentication on mobile devices using data collected from various sensors. Implicit authentication operates in the background and compares the current behaviour with the user profile. If the behaviour deviates sufficiently from the established norm, actions such as explicit authentication can be triggered. We propose a modelling technique that captures temporal and spatial contexts and builds user models in a data driven fashion. We present our late-breaking results here and aim to expand our work to investigate different training paradigms and data driven methods for learning user behaviour and detecting unauthorised use.

RayDroid: An anomaly discovery framework for Android

Lidong Zhai, Fan Yang, Yue Li, Li Guo, Yuejin Du

Smartphones have greatly improved our lives, and more and more applications are being developed for them. Not all of these applications, however, are aimed at improving our lives. To discover the anomalies that applications cause, we propose the design and implementation of RayDroid, which monitors the behavior of applications and the flow of data at both the Android framework level and the Linux kernel level, aiming to discover anomalies on smartphones through this analysis. We implemented a prototype of RayDroid and show through our evaluation that it is effective and efficient.

OpenFlow is a rapidly developing communication networks technology that segregates the data plane, handled by networking devices, from the control plane, handled by a remote server. This segregation allows external applications to extend the OpenFlow controller's functionality and facilitates flexibility, innovation, and ease of management. Despite its attractiveness, many companies are reluctant to upgrade their networks to OpenFlow because their intrusion detection systems, as well as a number of other supporting facilities, fail to keep pace with the development of OpenFlow. In this paper we propose a solution that (1) allows using existing monitoring facilities (based on NetFlow and similar protocols) alongside OpenFlow networks; (2) does not require modifying the OpenFlow components; and (3) optimizes the consumption of monitoring resources.

Many security enforcement techniques are deployed in commodity systems, but we lack a universal benchmark program to evaluate them. This poster introduces a work-in-progress project named ‘unider’, a universal exploit attack emulator. Unider works on recent Windows systems and supports state-of-the-art exploit techniques. By using unider, researchers can evaluate their defense techniques quickly and conveniently.

De-anonymizing Mobility Traces and Social Data using Social Auxiliary Information

In this poster, we present a novel, robust, and effective de-anonymization attack on mobility trace data and social data. The experimental results demonstrate that our proposed de-anonymization attack is very effective and robust to noise.

The Usability of a Mobile Device Liveness Analysis Application

Mozhgan Azimpourkivi, Umut Topkara, Mahmudur Rahman, Bogdan Carbunar

The ubiquitous nature of mobile phones has significantly facilitated the ability to capture, then share, visual content through social media. In previous work, we proposed Movee, an application for verifying the liveness of videos captured on smartphones. Movee evaluates the agreement between the motion inferred from the accelerometer sensor and the motion inferred from the captured video. The accuracy of Movee therefore depends on the collected accelerometer data. In this work, we propose different user interface designs for Movee. We have the dual goal of (i) conveying to users the requirement of moving the camera while capturing video and (ii) maximizing usability. We provide preliminary results on the satisfaction of these goals through several innovative user interface designs.

Life-Experience Passwords

Simon S. Woo, Jelena Mirkovic, Elsi Kaiser

User-supplied textual passwords are extensively used today for user authentication. However, these passwords have serious deficiencies in the way they interact with the natural human ability to form memories. Strong passwords that are hard to crack are also hard for humans to remember, while memorable passwords are easily brute-forced or guessed. Recently, a number of alternatives to textual passwords have been proposed, such as drawing a password, selecting images from a list, learning a tune, etc. All these approaches share a common deficiency: they ask users to form new memories, which leads either to easily-remembered, easily-guessed passwords or to secure but easily-forgotten ones. We propose novel life-experience passwords (LEPs). Unlike existing approaches, our passwords are built from a user’s episodic memory of defining life events, and should be both more memorable and harder to guess than traditional passwords.

Evaluation of Android applications based on Sensitive Behaviors

Daiyong Quan, Lidong Zhai, Cui Xiang, Yan Jia

At install time, the permissions requested by an application are too coarse-grained and rely too heavily on the knowledge and expertise of average users. Many users ignore the alert message even when warned of the potential security threat posed by the application. We propose a user-friendly evaluation of Android applications that helps the user easily understand the trustworthiness of an application. We have proposed a novel classification of Android APIs from a security point of view, and we compute a global threat score for each application according to the criticality of the APIs it invokes. The user can judge the trustworthiness level of the application by observing the result of this evaluation alone, without needing to understand all of the requested permissions.

Many threats present in smartphones are the result of interactions between application components, not just artifacts of single components. However, current techniques for identifying inter-application communication are ad hoc and do not scale to large numbers of applications. In this paper, we reduce the discovery of inter-component communication (ICC) in smartphones to an instance of the Interprocedural Distributive Environment (IDE) problem, and develop a sound static analysis technique targeted to the Android platform. We apply this analysis to 1,200 applications selected from the Play store and characterize the locations and substance of their ICC. Experiments show that full specifications for ICC can be identified for over 93% of ICC locations for the applications studied. Further the analysis scales well; analysis of each application took on average 113 seconds to complete. Epicc, the resulting tool, finds ICC vulnerabilities with far fewer false positives than the next best tool. In this way, we develop a scalable vehicle to extend current security analysis to entire collections of applications as well as the interfaces they export.

Challenges in NextGen Air Traffic Management

Martin Strohmeier, Matthias Schäfer, and Ivan Martinovic

In order to meet future demands in increasingly congested airspaces, aviation authorities are currently upgrading the world’s air-traffic management systems. The Automatic Dependent Surveillance-Broadcast (ADS-B) protocol is at the core of this Next Generation Air Transportation future. It allows aircraft to broadcast their position periodically over a radio frequency to ground stations or other aircraft. Originally open by design, ADS-B lacks any security or authentication mechanism, enabling passive and active attacks on the wireless communication channel. This includes but is not limited to the injection or flooding of a ground station with ghost aircraft, virtual trajectory modification, aircraft disappearance, and aircraft spoofing.

The research presented in this poster seeks to address the security challenges in ADS-B. We want to understand both the behavior of the wireless channel to advance protocol development, and research statistical detection methods to create quick and transparent security improvements. These detection methods include:

* Designing an aircraft trajectory verification method based on RSS sampling.
* Fingerprinting transponder signals with self-defined features in the time domain.
* Searching for advanced fingerprinting features in the frequency domain employing fast Fourier transform and principal component analysis.
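The first detection method above, trajectory verification from received signal strength (RSS), rests on a physical consistency check: a genuine aircraft that halves its distance to a receiver should arrive roughly 6 dB stronger, whereas a ghost aircraft injected from a fixed ground transmitter produces a nearly constant RSS no matter what position it claims. The following is an added, simplified illustration of that idea, not the poster's own method: it assumes a single receiver at a known location, a free-space path-loss model (received power falling by 20·log10 of the distance ratio) with constant transmit power, a hand-picked tolerance, and position reports that have already been decoded from ADS-B messages. The receiver location, the two report sequences and the threshold values are constructed for the example; a deployed system would sample RSS at several sensors and fit the residuals statistically rather than count outliers.

```python
import math
from typing import List, Sequence, Tuple

EARTH_RADIUS_KM = 6371.0
RX_LAT, RX_LON = 0.0, 0.0   # constructed receiver position (lat, lon in degrees)

# (lat, lon, rss_dbm) per report, in time order, for one ICAO address.
Report = Tuple[float, float, float]


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two lat/lon points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def expected_rss_delta_db(d_prev_km: float, d_now_km: float) -> float:
    """Free-space path loss: RSS changes by -20*log10(d_now/d_prev) dB
    when the distance to the receiver changes from d_prev to d_now."""
    return -20.0 * math.log10(d_now_km / d_prev_km)


def rss_residuals(reports: Sequence[Report]) -> List[float]:
    """Observed minus expected RSS change between consecutive reports."""
    residuals: List[float] = []
    prev_d = prev_rss = None
    for lat, lon, rss in reports:
        d = haversine_km(RX_LAT, RX_LON, lat, lon)
        if d <= 0.0:               # claimed position on top of the receiver; skip
            continue
        if prev_d is not None:
            residuals.append((rss - prev_rss) - expected_rss_delta_db(prev_d, d))
        prev_d, prev_rss = d, rss
    return residuals


def verify_trajectory(reports: Sequence[Report],
                      tolerance_db: float = 3.0,
                      max_outliers: int = 1) -> bool:
    """True if the RSS trend is consistent with the claimed trajectory.

    tolerance_db and max_outliers are constructed values; real RSS is noisy
    (antenna pattern, attitude, multipath) so the slack must be tuned per site."""
    outliers = sum(1 for r in rss_residuals(reports) if abs(r) > tolerance_db)
    return outliers <= max_outliers


# Constructed reports: both claim an aircraft flying straight at the receiver
# along the meridian, halving its distance each report (~100, 50, 25, 12.5 km).
GENUINE = [(0.9, 0.0, -85.0), (0.45, 0.0, -79.0), (0.225, 0.0, -73.0), (0.1125, 0.0, -67.0)]
GHOST   = [(0.9, 0.0, -80.0), (0.45, 0.0, -80.0), (0.225, 0.0, -80.0), (0.1125, 0.0, -80.0)]

if __name__ == "__main__":
    for name, reports in (("genuine", GENUINE), ("ghost", GHOST)):
        print(name, [round(r, 2) for r in rss_residuals(reports)],
              "consistent" if verify_trajectory(reports) else "INCONSISTENT")
```

The check is passive and transparent, as the poster's goals require: it needs no change to ADS-B itself and no cooperation from the aircraft. Its limits are also clear from the model: an attacker who can vary transmit power in step with the claimed trajectory defeats a single-receiver version, which is one reason to combine RSS with the time- and frequency-domain transponder fingerprints listed above.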

Hardware Trojans – Detect and React?

Hardware Trojans are a serious threat. In comparison to their software counterparts, appropriate detection measures are still missing, mainly because there are no malware implementations to develop and test against. To address this, we implemented a Hardware Trojan Kit (HTK) that enables the modular construction of Hardware Trojans based on the attributes activation, covert communication, payload and detection. We included invasive detection methods (i.e. structures inserted during the design phase to support the detection of post-production modifications), since this allows attack and defense methods to be tested in a modular way. We then analyzed these implementations for typical hardware structures and identified multiple such structures that can serve as a warning signal. They will allow the development of more accurate detection methods.